Yesterday, after scanning for viruses with Kaspersky online (which is a Java applet), I saved the log file in my documents; however, I couldn’t find it anywhere in my documents folder. I thought it was lost, so I opened the online scanner and tried to save again, and I still saw the old file there. I wondered where it went, so I searched for it, but Vista’s search function is quite useless and it didn’t find it. I then looked into the AppData folder to try to find it, but still nothing. Later on I tried to boot into Linux and searched for the file again, and I found it in the “AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized” folder, which was kinda weird. It was Vista’s new security feature to virtualize those programs that are incompatible and make them write to a different folder than the actual one, but how come other programs can’t see those virtualized files? To prevent things like this, I have to run Internet Explorer as administrator to save the file in order for the file to be written to the correct folder.
Several times I have gotten a message from AVG Antivirus Free 7.1 that says “Your AVG Anti-Virus 7.1 will be discontinued on 15. January 2007!” I always thought that AVG was not going to be free anymore, since many free programs that become paid have that kind of notice. It wasn’t until today, when I paid more attention to what it said, that I realized that it’s just a notice that tells us to upgrade to AVG 7.5 for free. I couldn’t upgrade to AVG 7.5 in the update manager; I had to go to AVG’s website to download it and install it using the Repair Install option, then restart, and everything was done. I’m very happy that AVG keeps its antivirus software free, and I hope that they’ll also keep it free in the future.
If you really want to test out or use a program that might be unsafe, contain a virus, or do something you didn’t expect, but you don’t want your computer to be hurt, what should you do? Here are some tips for doing it safely.
- On both Windows and Linux, you can make a Windows virtual machine with VMware and take a snapshot before testing those programs; if something is wrong with the program, you can go back to the snapshot.
- For Linux users there are even more options: we can test the program with a non-root user account, but you might still want to create a new user account for testing if your own account holds a lot of data, because some programs might destroy any data they can access.
- Advanced users can use other options, such as making a virtual machine with a user-mode kernel or mounting with unionfs, to test the program with a virtual root account.
- For Windows users, running programs under a limited user account might help, but most Windows programs won’t run properly under those accounts; for now the only solution that I can think of for this is VMware. You can also track what the program does by using Filemon to monitor file changes, Regmon to monitor registry changes, and Urlsnooper to monitor the URLs the program accesses, or any other utilities in addition to those mentioned above.
Demonstration of Windows infected by the infamous WMF metavirus virus in VMware after opening an infected WMF file. https://www.youtube.com/watch?v=8QstYw5Ho3w (The video is original and made by myself)